Sony Rootkits its DRM, Part IV

Posted on November 17, 2005
Filed Under /dev/null/ | 200 views |

Poor Sony, now they’re getting it hard. Even though they’ve announced that they’re pulling their CDs from the shelves and instituting an exchange program they’re still getting burned for treating their users like crap.

It’s amusing to see a massive corporation humbled by the power of consumer outrage. Sony Corp has gone from petulant irritation:

“Most people, I think, don’t even know what a rootkit is, so why should they care about it?” - Thomas Hesse, President of Sony’s Global Digital Business
- President of Sony Global Digital Business gives a pass to the rootkit

to servile back-peddling in less than a week:

“We share the concerns of consumers regarding discs with XCP content-protected software, and, for this reason, we are instituting a consumer exchange program and removing all unsold CDs with this software from retail outlets,” Sony BMG said in an statement.
- Sony Folds Tent, Recalls CDs

which serves them right. They’ve also gone from suggesting this is an edge-case issue that most people won’t have any problem with to having their CDs banned from the networks of corporate, government and educational institutions. Sayeth Alberta Agriculture:

Currently, only Sony/BMG music CD’s are known to behave this way, however, other record comapnies (sic) will undoubtedly follow along this path in the name of “protecting” their content.

Because of this, we must advise that NO music CD’s should be used on ANY AAFRD workstations in the future.
- Craphound

That’s right, thanks to Sony the poor people at Alberta Agriculture are not allowed to bring any music CDs in to work anymore. Long live the mp3!

The University of Canberra takes a slightly more reasonable approach:

It has been brought to our attention that there is significant risk to the security and the operation of UC computers in using Sony BMG produced CDs.
For this reason, the use of Sony BMG produced CDs in University of Canberra computers is prohibited.
- Craphound

Even the Department of Homeland Security is pissed at Sony, in typically government sort of way, which is to say expressing its rage through passive-aggressive innuendo:

“There’s been a lot of publicity recently about tactics used in pursuing protection for music and DVD CDs in which questions have been raised about whether the protection measures install hidden files on peoples’ computers that even the system administrators can’t find.
…
It’s very important to remember that it’s your intellectual property — it’s not your computer. And in the pursuit of protection of intellectual property, it’s important not to defeat or undermine the security measures that people need to adopt in these days.”
- Stewart Baker, Department of Homeland Security’s Assistant Secretary for Policy
- DHS Official Weighs In on Sony

Expect to see more and more corporate policies following suite as media coverage of this issue continues to grow. Yay Sony, you’ve managed to do more to legitimize and promote the need for digital downloading than anyone since the original Napster.

On the other hand they seem to be finally doing the right thing in trying to properly develop their rootkit uninstaller. The downloads page for it currently states:

November 15th, 2005 - We currently are working on a new tool to uninstall First4Internet XCP software. In the meantime, we have temporarily suspended distribution of the existing uninstall tool for this software. We encourage you to return to this site over the next few days. Thank you for your patience and understanding.

Patience and understanding aside, I suspect it occurred to someone inside Sony that the original uninstaller they put up was so flawed and dangerous that it opened them up to more liability than the original rootkit did.

How bad is that original uninstaller? So bad that it allowed literally any website to run malicious software on the computers of anyone unfortunate enough to have used it. Simply show up at the site, browse a web page and have your machine 0w3n3d:

Websense has uncovered only a couple of Web sites set up to attack flaws in the initial uninstall program, and the damage they cause appears to be minimal so far. One of them, hosted in the United States, simply restarts infected computers.

“It’s someone trying to make a point,” said Dan Hubbard, senior director of security and technology research at Websense. “They could have done a lot worse.”
- Attack targets Sony ‘rootkit’ fix

This story keeps getting weirder and weirder, and worse and worse for Sony.

Comments

• 
  

• The Other Blog (for geeks)

  binary code

• Pages

  • Installing calc.pl under OS X
  • Ruby Class: Mach Speed
  • Ruby Class: Temperature Conversion

• Recent Posts

  • This is The End
  • Yeah Sure, Go Nuts
  • iTunes Movies in Canada: First Impressions
  • The Reason Dev Environments Should be Sandboxed
  • CNN Shirts Beta
  • HP Thinks I’m an Idiot
  • But It Always Says It’s Sorry Afterwards!
  • Explaining My Twittering
  • Creative Looks Gift Horse In Mouth, Shoots it In Head, Apologizes Afterwards
  • Ventus Available Gratis

• Software

  • Drop Bocks

• Stuff and Things

  • Accordion Guy
  • blog-j
  • blogaritaville
  • David Akin’s On the Hill
  • Diana Galligan
  • FA: OSX
  • Fingers
  • Full Frontal Lobotomy
  • fuzzz.gaulin.ca
  • Global Nerdy
  • Ice 9
  • Kat Mullaly
  • kattekylling
  • Keebler.net
  • Paul Baranowski
  • Pony
  • Postmodern Sass
  • radical TRUST
  • Raganwald
  • Salad with Steve
  • Spiralgirl
  • The Dust bin

• Categories

  • /dev/code/
  • /dev/debug/
  • /dev/dropbocks/
  • /dev/null/
  • /dev/ruby

• About

  This is an area on your website where you can add text. This will serve as an informative location on your website, where you can talk about your site.

• Search

• Admin

  • Log in
  • Wordpress
  • XHTML